-
-
Save jeremedia/ab1b62a968903f81c304002019cac82b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost *:80> | |
| ServerName your-domain.com | |
| ServerAlias www.your-domain.com | |
| # Redirect HTTP traffic to HTTPS | |
| RewriteEngine On | |
| RewriteCond %{HTTPS} off | |
| RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| ServerName your-domain.com | |
| ServerAlias www.your-domain.com | |
| RequestHeader set X_FORWARDED_PROTO 'https' | |
| # SSL configuration | |
| SSLEngine on | |
| SSLCertificateFile /path/to/your/certificate.crt | |
| SSLCertificateKeyFile /path/to/your/private-key.key | |
| SSLCertificateChainFile /path/to/your/ca-bundle.crt | |
| # Proxy requests to the Puma server | |
| ProxyPreserveHost On | |
| ProxyPass / http://0.0.0.0:3000/ retry=0 | |
| ProxyPassReverse / http://0.0.0.0:3000/ | |
| # Proxy WebSocket requests for Action Cable | |
| RewriteEngine on | |
| RewriteCond %{HTTP:Upgrade} websocket [NC] | |
| RewriteCond %{HTTP:Connection} upgrade [NC] | |
| RewriteRule ^/cable(.*) ws://0.0.0.0:3000/cable$1 [P,L] | |
| # Headers configuration | |
| Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" | |
| Header always set X-Content-Type-Options "nosniff" | |
| Header always set X-Frame-Options "SAMEORIGIN" | |
| Header always set X-XSS-Protection "1; mode=block" | |
| Header always set Referrer-Policy "strict-origin-when-cross-origin" | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ChatGPT-4 says:
An example Apache configuration for serving a Rails application running with Puma at http://0.0.0.0:3000/ and using Action Cable. This example assumes that you have already enabled the necessary Apache modules (proxy, proxy_http, proxy_wstunnel, headers, and rewrite).
Create a new file called rails_app.conf and add the Apache config directives above/
Replace your-domain.com, www.your-domain.com, and paths to your SSL certificate files with the appropriate values for your setup.
Save the rails_app.conf file and add it to the Apache configuration by creating a symbolic link to the sites-available directory and enabling the site:
Finally, restart Apache to apply the changes:
sudo systemctl restart apache2This configuration sets up a virtual host for both HTTP and HTTPS traffic, redirecting HTTP traffic to HTTPS. It also proxies requests to the Puma server and WebSocket requests for Action Cable, along with configuring some security-related headers.